program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000006340)=ANY=[@ANYBLOB="68000100", @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r2, @ANYBLOB="34000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000100030188060209000503038e09080026006c09000008000c006400000008000d0000000000"], 0x68}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$bt_hci(r5, 0x0, 0xf, 0x0, &(0x7f0000000140))
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r7=>0x0})
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f050440000009058303"], 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r8, 0x8108551b, &(0x7f00000005c0)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"})
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000540)={0x48, r6, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x2, 0x3}}]}, 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x20000000)

[  100.889912][ T5302] Bluetooth: hci0: command tx timeout
[  101.269133][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  101.419148][    T9] usb 5-1: Using ep0 maxpacket: 8
[  101.427430][    T9] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  101.432308][    T9] usb 5-1: config 179 has no interface number 0
[  101.435492][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10
[  101.441525][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  101.448607][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  101.456172][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  101.461723][    T9] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  101.467378][    T9] usb 5-1: config 179 interface 65 has no altsetting 0
[  101.470966][    T9] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  101.476014][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.489826][ T5326] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  101.526740][    T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:179.65/input/input5
[  101.723896][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  101.728118][ T5326] usb 5-1: USB disconnect, device number 2
[  101.774763][ T5327] ------------[ cut here ]------------
[  101.777463][ T5327] !chanctx_conf
[  101.777481][ T5327] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5327
[  101.784403][ T5327] Modules linked in:
[  101.786916][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  101.791499][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  101.796101][ T5327] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  101.799444][ T5327] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 52 f5 a3 f6 90 0f 0b 90 eb e1 e8 47 f5 a3 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  101.808957][ T5327] RSP: 0018:ffffc9000f386f48 EFLAGS: 00010287
[  101.811827][ T5327] RAX: ffffffff8b21bb39 RBX: ffff888043b74000 RCX: 0000000000100000
[  101.816119][ T5327] RDX: ffffc90020802000 RSI: 000000000000038c RDI: 000000000000038d
[  101.820579][ T5327] RBP: 0000000000000000 R08: ffffffff8b21b653 R09: ffffffff8e75e520
[  101.824571][ T5327] R10: dffffc0000000000 R11: ffffed100876e831 R12: 1ffff1100876e80a
[  101.828269][ T5327] R13: ffff8880428d8e80 R14: 0000000000000001 R15: ffffffff8b21b653
[  101.832144][ T5327] FS:  00007f9b0d7f56c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[  101.836842][ T5327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  101.839978][ T5327] CR2: 0000200000001080 CR3: 0000000011ea7000 CR4: 0000000000352ef0
[  101.843606][ T5327] Call Trace:
[  101.845195][ T5327]  <TASK>
[  101.846648][ T5327]  rate_control_rate_init_all_links+0x109/0x1a0
[  101.849738][ T5327]  sta_apply_auth_flags+0x1c2/0x400
[  101.852325][ T5327]  sta_apply_parameters+0xea9/0x1620
[  101.854787][ T5327]  ieee80211_add_station+0x424/0x6a0
[  101.857179][ T5327]  rdev_add_station+0xfc/0x2c0
[  101.859900][ T5327]  nl80211_new_station+0x1864/0x1d30
[  101.862972][ T5327]  ? trace_contention_end+0x3d/0x150
[  101.865405][ T5327]  ? __pfx_nl80211_new_station+0x10/0x10
[  101.867849][ T5327]  ? __rtnl_unlock+0xc8/0xf0
[  101.870101][ T5327]  ? nl80211_pre_doit+0x4f1/0x930
[  101.872902][ T5327]  genl_family_rcv_msg_doit+0x22a/0x330
[  101.875650][ T5327]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  101.878311][ T5327]  ? bpf_lsm_capable+0x9/0x20
[  101.880758][ T5327]  ? security_capable+0x7e/0x2c0
[  101.882836][ T5327]  genl_rcv_msg+0x61c/0x7a0
[  101.885164][ T5327]  ? __pfx_genl_rcv_msg+0x10/0x10
[  101.887526][ T5327]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  101.890547][ T5327]  ? __pfx_nl80211_new_station+0x10/0x10
[  101.893416][ T5327]  ? __pfx_nl80211_post_doit+0x10/0x10
[  101.896113][ T5327]  ? __lock_acquire+0x6b5/0x2cf0
[  101.898879][ T5327]  netlink_rcv_skb+0x232/0x4b0
[  101.901193][ T5327]  ? __pfx_genl_rcv_msg+0x10/0x10
[  101.904367][ T5327]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  101.907255][ T5327]  ? down_read+0x272/0x2e0
[  101.909799][ T5327]  ? genl_rcv+0xd/0x40
[  101.911656][ T5327]  genl_rcv+0x28/0x40
[  101.913513][ T5327]  netlink_unicast+0x80f/0x9b0
[  101.915742][ T5327]  ? __pfx_netlink_unicast+0x10/0x10
[  101.918200][ T5327]  ? netlink_sendmsg+0x650/0xb40
[  101.920786][ T5327]  ? skb_put+0x11b/0x210
[  101.923163][ T5327]  netlink_sendmsg+0x813/0xb40
[  101.925669][ T5327]  ? __pfx_netlink_sendmsg+0x10/0x10
[  101.928135][ T5327]  ? aa_sock_msg_perm+0xf1/0x1b0
[  101.931045][ T5327]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  101.934049][ T5327]  ____sys_sendmsg+0x972/0x9f0
[  101.936512][ T5327]  ? futex_unqueue+0x211/0x240
[  101.939068][ T5327]  ? __pfx_____sys_sendmsg+0x10/0x10
[  101.941692][ T5327]  ? import_iovec+0x73/0xa0
[  101.943658][ T5327]  ___sys_sendmsg+0x2a5/0x360
[  101.945856][ T5327]  ? __pfx____sys_sendmsg+0x10/0x10
[  101.948273][ T5327]  ? futex_wait+0x29a/0x380
[  101.950473][ T5327]  ? __fget_files+0x2a/0x420
[  101.952779][ T5327]  ? __fget_files+0x3a0/0x420
[  101.954976][ T5327]  __x64_sys_sendmsg+0x1bd/0x2a0
[  101.958041][ T5327]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  101.961261][ T5327]  ? rcu_is_watching+0x15/0xb0
[  101.963670][ T5327]  do_syscall_64+0x14d/0xf80
[  101.965749][ T5327]  ? trace_irq_disable+0x3b/0x150
[  101.968293][ T5327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.972204][ T5327]  ? clear_bhb_loop+0x40/0x90
[  101.974420][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.977096][ T5327] RIP: 0033:0x7f9b1139c799
[  101.979206][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  101.989927][ T5327] RSP: 002b:00007f9b0d7f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  101.993633][ T5327] RAX: ffffffffffffffda RBX: 00007f9b11616090 RCX: 00007f9b1139c799
[  101.997477][ T5327] RDX: 0000000020000000 RSI: 0000200000001080 RDI: 0000000000000006
[  102.001645][ T5327] RBP: 00007f9b11432c99 R08: 0000000000000000 R09: 0000000000000000
[  102.006141][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  102.011929][ T5327] R13: 00007f9b11616128 R14: 00007f9b11616090 R15: 00007ffe561469d8
[  102.015944][ T5327]  </TASK>
[  102.017386][ T5327] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  102.020837][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  102.025055][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  102.030136][ T5327] Call Trace:
[  102.031741][ T5327]  <TASK>
[  102.033164][ T5327]  vpanic+0x56c/0xa60
[  102.035014][ T5327]  ? __pfx__printk+0x10/0x10
[  102.037145][ T5327]  ? __pfx_vpanic+0x10/0x10
[  102.039604][ T5327]  ? is_bpf_text_address+0x292/0x2b0
[  102.042880][ T5327]  ? is_bpf_text_address+0x26/0x2b0
[  102.045556][ T5327]  panic+0xc5/0xd0
[  102.047343][ T5327]  ? __pfx_panic+0x10/0x10
[  102.049407][ T5327]  __warn+0x315/0x4f0
[  102.051242][ T5327]  ? rate_control_rate_init+0x64a/0x6e0
[  102.053910][ T5327]  ? rate_control_rate_init+0x64a/0x6e0
[  102.056670][ T5327]  __report_bug+0x29a/0x540
[  102.059205][ T5327]  ? lockdep_hardirqs_on+0x7a/0x110
[  102.061782][ T5327]  ? rate_control_rate_init+0x64a/0x6e0
[  102.064450][ T5327]  ? __pfx___report_bug+0x10/0x10
[  102.067188][ T5327]  ? __lock_acquire+0x6b5/0x2cf0
[  102.069981][ T5327]  ? __lock_acquire+0x6b5/0x2cf0
[  102.072307][ T5327]  ? rate_control_rate_init+0x64a/0x6e0
[  102.074812][ T5327]  report_bug+0x16a/0x220
[  102.076636][ T5327]  ? rate_control_rate_init+0x64a/0x6e0
[  102.079078][ T5327]  ? rate_control_rate_init+0x64c/0x6e0
[  102.081653][ T5327]  handle_bug+0x9c/0x200
[  102.083666][ T5327]  exc_invalid_op+0x1a/0x50
[  102.085583][ T5327]  asm_exc_invalid_op+0x1a/0x20
[  102.088173][ T5327] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  102.091257][ T5327] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 52 f5 a3 f6 90 0f 0b 90 eb e1 e8 47 f5 a3 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  102.101200][ T5327] RSP: 0018:ffffc9000f386f48 EFLAGS: 00010287
[  102.104492][ T5327] RAX: ffffffff8b21bb39 RBX: ffff888043b74000 RCX: 0000000000100000
[  102.108827][ T5327] RDX: ffffc90020802000 RSI: 000000000000038c RDI: 000000000000038d
[  102.112355][ T5327] RBP: 0000000000000000 R08: ffffffff8b21b653 R09: ffffffff8e75e520
[  102.115942][ T5327] R10: dffffc0000000000 R11: ffffed100876e831 R12: 1ffff1100876e80a
[  102.119678][ T5327] R13: ffff8880428d8e80 R14: 0000000000000001 R15: ffffffff8b21b653
[  102.123787][ T5327]  ? rate_control_rate_init+0x163/0x6e0
[  102.126551][ T5327]  ? rate_control_rate_init+0x163/0x6e0
[  102.129120][ T5327]  ? rate_control_rate_init+0x649/0x6e0
[  102.131928][ T5327]  ? rate_control_rate_init+0x649/0x6e0
[  102.134967][ T5327]  rate_control_rate_init_all_links+0x109/0x1a0
[  102.138084][ T5327]  sta_apply_auth_flags+0x1c2/0x400
[  102.140616][ T5327]  sta_apply_parameters+0xea9/0x1620
[  102.143145][ T5327]  ieee80211_add_station+0x424/0x6a0
[  102.145912][ T5327]  rdev_add_station+0xfc/0x2c0
[  102.148701][ T5327]  nl80211_new_station+0x1864/0x1d30
[  102.151569][ T5327]  ? trace_contention_end+0x3d/0x150
[  102.153948][ T5327]  ? __pfx_nl80211_new_station+0x10/0x10
[  102.156393][ T5327]  ? __rtnl_unlock+0xc8/0xf0
[  102.158659][ T5327]  ? nl80211_pre_doit+0x4f1/0x930
[  102.161544][ T5327]  genl_family_rcv_msg_doit+0x22a/0x330
[  102.164552][ T5327]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  102.167232][ T5327]  ? bpf_lsm_capable+0x9/0x20
[  102.169378][ T5327]  ? security_capable+0x7e/0x2c0
[  102.171709][ T5327]  genl_rcv_msg+0x61c/0x7a0
[  102.173863][ T5327]  ? __pfx_genl_rcv_msg+0x10/0x10
[  102.176457][ T5327]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  102.179159][ T5327]  ? __pfx_nl80211_new_station+0x10/0x10
[  102.181766][ T5327]  ? __pfx_nl80211_post_doit+0x10/0x10
[  102.184370][ T5327]  ? __lock_acquire+0x6b5/0x2cf0
[  102.186863][ T5327]  netlink_rcv_skb+0x232/0x4b0
[  102.189120][ T5327]  ? __pfx_genl_rcv_msg+0x10/0x10
[  102.191663][ T5327]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  102.194248][ T5327]  ? down_read+0x272/0x2e0
[  102.196399][ T5327]  ? genl_rcv+0xd/0x40
[  102.198460][ T5327]  genl_rcv+0x28/0x40
[  102.200481][ T5327]  netlink_unicast+0x80f/0x9b0
[  102.202868][ T5327]  ? __pfx_netlink_unicast+0x10/0x10
[  102.205416][ T5327]  ? netlink_sendmsg+0x650/0xb40
[  102.207829][ T5327]  ? skb_put+0x11b/0x210
[  102.210111][ T5327]  netlink_sendmsg+0x813/0xb40
[  102.212687][ T5327]  ? __pfx_netlink_sendmsg+0x10/0x10
[  102.215423][ T5327]  ? aa_sock_msg_perm+0xf1/0x1b0
[  102.217678][ T5327]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  102.220048][ T5327]  ____sys_sendmsg+0x972/0x9f0
[  102.222363][ T5327]  ? futex_unqueue+0x211/0x240
[  102.225000][ T5327]  ? __pfx_____sys_sendmsg+0x10/0x10
[  102.227598][ T5327]  ? import_iovec+0x73/0xa0
[  102.230012][ T5327]  ___sys_sendmsg+0x2a5/0x360
[  102.232260][ T5327]  ? __pfx____sys_sendmsg+0x10/0x10
[  102.234524][ T5327]  ? futex_wait+0x29a/0x380
[  102.236670][ T5327]  ? __fget_files+0x2a/0x420
[  102.238925][ T5327]  ? __fget_files+0x3a0/0x420
[  102.241767][ T5327]  __x64_sys_sendmsg+0x1bd/0x2a0
[  102.245639][ T5327]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  102.248489][ T5327]  ? rcu_is_watching+0x15/0xb0
[  102.250706][ T5327]  do_syscall_64+0x14d/0xf80
[  102.252882][ T5327]  ? trace_irq_disable+0x3b/0x150
[  102.255230][ T5327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.258455][ T5327]  ? clear_bhb_loop+0x40/0x90
[  102.260966][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.264000][ T5327] RIP: 0033:0x7f9b1139c799
[  102.266022][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  102.274691][ T5327] RSP: 002b:00007f9b0d7f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  102.279257][ T5327] RAX: ffffffffffffffda RBX: 00007f9b11616090 RCX: 00007f9b1139c799
[  102.284354][ T5327] RDX: 0000000020000000 RSI: 0000200000001080 RDI: 0000000000000006
[  102.288093][ T5327] RBP: 00007f9b11432c99 R08: 0000000000000000 R09: 0000000000000000
[  102.291754][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  102.295395][ T5327] R13: 00007f9b11616128 R14: 00007f9b11616090 R15: 00007ffe561469d8
[  102.299258][ T5327]  </TASK>
[  102.301261][ T5327] Kernel Offset: disabled
[  102.303312][ T5327] Rebooting in 86400 seconds..